DOCSLIB.ORG

Report Criminal Law in the Face of Cyberattacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Report Criminal Law in the Face of Cyberattacks APRIL 2021 REPORT CRIMINAL LAW IN THE FACE OF CYBERATTACKS Working group chaired by Bernard Spitz, President of the International and Europe Division of MEDEF, former President of the French Insurance Federation (FFA) General secretary: Valérie Lafarge-Sarkozy, Lawyer, Partner with the law firm Altana ON I SS I AD HOC COMM CRIMINAL LAW IN THE FACE OF CYBERATTACKS CRIMINAL LAW IN THE FACE OF CYBERATTACKS CLUB DES JURISTES REPORT Ad hoc commission APRIL 2021 4, rue de la Planche 75007 Paris Phone : 01 53 63 40 04 www.leclubdesjuristes.com FIND US ON 2 PREFACE n the shadow of the global health crisis that has held the world in its grip since 2020, episodes of cyberattacks have multiplied. We should be careful not to see this as mere coincidence, an unexpected combination of calamities that unleash themselves in Ia relentless series bearing no relation to one another. On the contrary, the major disruptions or transitions caused in our societies by the Covid-19 pandemic have been conducive to the growth of offences which, though to varying degrees rooted in digital, are also symptoms of contemporary vulnerabilities. The vulnerability of some will have been the psychological breeding ground for digital offences committed during the health crisis. In August 2020, the Secretary-General of Interpol warned of the increase in cyberattacks that had occurred a few months before, attacks “exploiting the fear and uncertainty caused by the unstable economic and social situation brought about by Covid-19”. People anxious about the disease, undermined by loneliness, made vulnerable by their distress – victims of a particular vulnerability, those recurrent figures in contemporary criminal law – are the chosen victims of those who excel at taking advantage of the credulity of others. During the spring 2020 lockdown, some hundred scams registered in France were committed online by individuals posing as business leaders selling stocks of masks. The digital world then has to settle for fending off contemporary examples of classic scam behaviour. The vulnerability of information systems is itself the offspring of digital. Successive lockdowns, by promoting teleworking, telemedicine and distance selling, down to what have become the most mundane acts of everyday life such as contactless payments, have helped to multiply the circumstances that can give rise to the commission of cyberattacks. The defence to these, here as elsewhere, relies on the impossibility of access. Alas! Pirated passwords, uncorrected vulnerabilities, simple human failures (such as inadvertently downloading a trojan) literally open the doors of computer systems. What if all this revealed a structural vulnerability, that of our societies? Bound hand and foot to digital, contemporary societies draw from it what makes them both successful and fragile, in an edifying testimony to the ambivalence of digital. In fact, the Covid-19 pandemic has only exacerbated existing trends. For a long time now the risks of cyberattacks have been well identified, even where they are not already taking place. It should be recalled that the intangible dimension of cyberattacks does not mean they cannot attack, whether directly or indirectly, the bodily integrity or even the life of a person. In 2019, the US Department of Homeland Security warned of vulnerabilities in the radio communication system of certain cardiac defibrillators: if malicious 3 persons took advantage of such vulnerabilities, they could cause the death of a patient. In Germany, a woman in a life-threatening emergency could not be operated on at a hospital because it was being targeted by ransomware affecting around thirty of its servers: the woman died while she was being transferred to another hospital, having been admitted too late. On a larger scale, the combination of cyberattacks and terrorism represents “the” threat of the twenty-first century. In a configuration bringing the two together, “conventional” acts of terrorism such as the killings at the Bataclan could be supported by cyberattacks, for example targeting traffic-light systems: the key element being a total disruption of traffic, hampering the arrival of emergency and security forces. A further step towards dematerialisation and, as cyber war already shows us (think of the hacking of Iran’s nuclear programme by the Stuxnet virus attributed to the NSA, at any rate regarded as the first cyber weapon), we need to keep in mind the spectre of cyberattacks on OVIs, operators of vital importance. But already the link between terrorism and cyberattacks is well established on another level. The financial windfall which results from them, via ransoms or data sales, helps to support terrorist funding networks. Individuals are paying a high price for these attacks, but also and above all businesses. As the prime targets of cyberattacks, businesses of all sizes need to prepare for them and know how to respond when an attack occurs. A comprehensive approach to this issue has been presented to Le Club des Juristes by Valérie Lafarge-Sarkozy, a lawyer and expert of the Club. A commission was set up under the chairmanship of Bernard Spitz, the Ad Hoc Commission on Cyber Risk, bringing together experts from very different fields but whose areas of interest converge on digital. First considering it in terms of risk, a collective reflection by a sub-committee tasked with considering the insurance implications of cyberattacks led to an initial report entitled “Insuring Cyber Risk”, published by Le Club des Juristes in January 2018. As a follow-up to this reflection, another sub-committee was appointed to consider the law enforcement component. Having completed its work, it is delivering this report on “Criminal law in the face of cyberattacks”. The editors of the report have brought all their experience to bear as professionals working closely with cyberattacks. Valérie Lafarge-Sarkozy and Laetitia Dage, lawyers, Myriam Quéméner, prosecutor (avocat général) at the Paris Court of Appeal and Anne Souvira, chief superintendent (commissaire divisionnaire) and officer responsible for cybercrime issues at the office of the Paris Metropolitan Police Commissioner préfet( de police de Paris), have shared their skills and experience in drawing up the report. This author has had the privilege of following its genesis and today has the pleasure of writing the preface. 4 In its first two parts, the report addresses substantive criminal law and criminal procedure. As regards the first, the reader will find an informative presentation of the offences involved. Reviewing the conventional offences available (at least those which are of general application), the report recalls that it is possible to call upon both those classified as offences against property – theft and fraud – and offences against the person such as identity theft. Emphasis is also placed, of course, on the more specific offences of attacks on automated data processing systems (ADPS), combined with certain offences relating particularly to the processing of personal data. Hence a possible reversal in outlook is outlined, as businesses that are the victims of cyberattacks on their ADPS might themselves be liable for the inadequate protection of those systems. In the discussion of the offences, a call for caution should therefore be noted, which is explicitly expressed in developments designed to establish pre-emptive rules of e-governance for businesses. But when the damage is done, one must turn to the judicial response. The second part of the report offers this some very rich developments, highly practical in tone, which will be a very helpful guide for victims of cyberattacks. The first two parts of the report are not only full of various insights and advice, but also contain interviews with specialists, which give to the whole a resolutely practical and operational twist. But the report does not end there. As a conclusion, a third part offers “10 recommendations for advancing the fight against cybercrime”. One can only hope that these recommendations will be heard by the various institutions to which they are addressed. Might one dare to formulate an 11th, a recommendation that in fact simply translates what runs like a watermark through this report, namely that digital should not make us forget basic common sense: discretion is the better part of valour – even in digital, especially in digital. Agathe Lepage Professor at Université Panthéon-Assas (Paris II) 5 TABLE OF CONTENTS PREFACE 3 INTRODUCTION 8 PART ONE LEGAL TREATMENT OF CYBERATTACKS AND ECONOMIC AND SOCIAL CONSEQUENCES 18 CHAPTER I. : Offences targeting automated data processing systems (ADPS) 19 section I Definition of ADPS and data processing 19 section II The specific case of connected devices 20 section III Different attacks on ADPS and their punishment 21 section IV Consequences for businesses of attacks on their ADPS 25 IV-1. "Theft" of personal data, industrial and commercial secrets 25 IV-2. Financial and image consequences 26 IV-3. Risk of penalties in the event of failures of security of ADPS 28 section V The need to establish preventive rules of e-governance within overall business risk management systems 33 CHAPTER II. : Traditional offences in cyberspace 38 section I Damage to property 38 section II Identity theft that damages the reputation of a business 41 6 PART TWO CYBERATTACK: WHAT JUDICIAL RESPONSE? 45 CHAPTER I. : The players and their institutional framework 46 section I The french system 46 I-1. Specialisation of the investigative services 46 I-2. The specialisation of judges 52 I-3. The role of the national agency for the security of information systems and the independent administrative authorities 56 section II International police and judicial cooperation 57 II-1. The players at european and international level 57 II-2. Texts currently under discussion 58 II-3. the 2nd protocol to the Budapest convention 59 CHAPTER II : The implementation of criminal proceedings and the means of evidence 61 section I The complaint 61 I-1.
Load more

Recommended publications
  • Encrochatsure.Com
    EncroChatSure.com . Better Sure than sorry! EncroChat® Reference & Features Guide EncroChatSure.com 1 EncroChatSure.com . Better Sure than sorry! EncroChatSure.com . Better Sure than sorry! EncroChat® - Feature List 2 EncroChatSure.com . Better Sure than sorry! EncroChatSure.com . Better Sure than sorry! EncroChat® - The Basics Question: What are the problems associated with disposable phones which look like a cheap and perfect solution because of a number of free Instant Messaging (IM) apps with built-in encryption? Answer: Let us point to the Shamir Law which states that the Crypto is not penetrated, but bypassed. At present, the applications available on play store and Apple App store for Instant Messaging (IM) crypto are decent if speaking cryptographically. The problem with these applications is that they run on a network platform which is quite vulnerable. The applications builders usually compromise on the security issues in order to make their application popular. All these applications are software solutions and the software’s usually work with other software’s. For instance, if one installs these applications then the installed software interfere with the hardware system, the network connected to and the operating system of the device. In order to protect the privacy of the individual, it is important to come up with a complete solution rather than a part solution. Generally, the IM applications security implementations are very devastating for the end user because the user usually ignores the surface attacks of the system and the security flaws. When the user looks in the account, they usually find that the product is nothing but a security flaw.
    [Show full text]
  • Cybercrime Digest
    Cybercrime Digest Bi-weekly update and global outlook by the Cybercrime Programme Office of the Council of Europe (C-PROC) 16 – 31 May 2021 Source: Council of E-evidence Protocol approved by Cybercrime Europe Convention Committee Date: 31 May 2021 “The 24th plenary of the Cybercrime Convention Committee (T-CY), representing the Parties to the Budapest Convention, on 28 May 2021 approved the draft “2nd Additional Protocol to the Convention on Cybercrime on Enhanced Co-operation and Disclosure of Electronic Evidence. […] Experts from the currently 66 States that are Parties to the Budapest Convention from Africa, the Americas, Asia-Pacific and Europe participated in its preparation. More than 95 drafting sessions were necessary to resolve complex issues related to territoriality and jurisdiction, and to reconcile the effectiveness of investigations with strong safeguards. […] Formal adoption is expected in November 2021 – on the occasion of the 20th anniversary of the Budapest Convention – and opening for signature in early 2022.” READ MORE Source: Council of GLACY+: Webinar Series to Promote Universality Europe and Implementation of the Budapest Convention on Date: 27 May 2021 Cybercrime “The Council of Europe Cybercrime Programme Office through the GLACY+ project and the Octopus Project, in cooperation with PGA's International Peace and Security Program (IPSP), are launching a series of thematic Webinars as part of the Global Parliamentary Cybersecurity Initiative (GPCI) to Promote Universality and Implementation of the Budapest Convention on Cybercrime and its Additional Protocol.” READ MORE Source: Europol Industrial-scale cocaine lab uncovered in Rotterdam Date: 28 May 2021 in latest Encrochat bust “The cooperation between the French National Gendarmerie (Gendarmerie Nationale) and the Dutch Police (Politie) in the framework of the investigation into Encrochat has led to the discovery of an industrial-scale cocaine laboratory in the city of Rotterdam in the Netherlands.
    [Show full text]
  • Technological Surveillance and the Spatial Struggle of Black Lives Matter Protests
    No Privacy, No Peace? Technological Surveillance and the Spatial Struggle of Black Lives Matter Protests Research Thesis Presented in partial fulfillment of the requirements for graduation with research distinction in the undergraduate colleges of The Ohio State University by Eyako Heh The Ohio State University April 2021 Project Advisor: Professor Joel Wainwright, Department of Geography I Abstract This paper investigates the relationship between technological surveillance and the production of space. In particular, I focus on the surveillance tools and techniques deployed at Black Lives Matter protests and argue that their implementation engenders uneven outcomes concerning mobility, space, and power. To illustrate, I investigate three specific forms and formats of technological surveillance: cell-site simulators, aerial surveillance technology, and social media monitoring tools. These tools and techniques allow police forces to transcend the spatial-temporal bounds of protests, facilitating the arrests and subsequent punishment of targeted dissidents before, during, and after physical demonstrations. Moreover, I argue that their unequal use exacerbates the social precarity experienced by the participants of demonstrations as well as the racial criminalization inherent in the policing of majority Black and Brown gatherings. Through these technological mediums, law enforcement agents are able to shape the physical and ideological dimensions of Black Lives Matter protests. I rely on interdisciplinary scholarly inquiry and the on- the-ground experiences of Black Lives Matter protestors in order to support these claims. In aggregate, I refer to this geographic phenomenon as the spatial struggle of protests. II Acknowledgements I extend my sincerest gratitude to my advisor and former professor, Joel Wainwright. Without your guidance and critical feedback, this thesis would not have been possible.
    [Show full text]
  • Creating a Total Army Cyber Force: How to Integrate the Reserve Component Into the Cyber Fight
    No. 103W SEPTEMBER 2014 Creating a Total Army Cyber Force: How to Integrate the Reserve Component into the Cyber Fight Christopher R. Quick Creating a Total Army Cyber Force: How to Integrate the Reserve Component into the Cyber Fight by Christopher R. Quick The Institute of Land Warfare ASSOCIATION OF THE UNITED STATES ARMY AN INSTITUTE OF LAND WARFARE PAPER The purpose of the Institute of Land Warfare is to extend the educational work of AUSA by sponsoring scholarly publications, to include books, monographs and essays on key defense issues, as well as workshops and symposia. A work selected for publication as a Land Warfare Paper represents research by the author which, in the opinion of ILW’s editorial board, will contribute to a better understanding of a particular defense or national security issue. Publication as an Institute of Land Warfare Paper does not indicate that the Association of the United States Army agrees with everything in the paper but does suggest that the Association believes the paper will stimulate the thinking of AUSA members and others concerned about important defense issues. LAND WARFARE PAPER NO. 103W, September 2014 Creating a Total Army Cyber Force: How to Integrate the Reserve Component into the Cyber Fight by Christopher R. Quick Lieutenant Colonel Christopher R. Quick is currently the J39 Information Operations Branch Chief for Special Operations Command Forward–West Africa in Kelly Barracks, Stuttgart, Germany. He previously served as the Information Operations Branch Chief and Director of Communication Synchronization for U.S. Army Cyber Command/Second Army at Fort Belvoir, Virginia.
    [Show full text]
  • Cyber Mission Analysis
    UNCLASSIFIED//FOR OFFICIAL USE ONLY Cyber Mission Analysis Mission Analysis for Cyber Operations of Department of Defense Submitted in compliance with the reporting requirement contained in the Fiscal Year 2014 National Defense Authorization Act section 933(d), Public Law 113-66 Preparation of this study/report cost the Department of Defense approximately $587,000 for the 2014 Fiscal Year. This includes $15,000 in expenses and $572,000 in DoD labor Generated on 2014 August 21 RefID: E-0CD45F6 1 UNCLASSIFIED//FOR OFFICIAL USE ONLY UNCLASSIFIED//FOR OFFICIAL USE ONLY Table of Contents I. Executive Summary ............................................................................................................... 4 II. Current State .......................................................................................................................... 6 Threat Landscape ............................................................................................................. 6 Policies, Oversight, and Relationships ............................................................................. 6 Cyber Missions ................................................................................................................ 8 Operational Command & Control (C2) ......................................................................... 10 Resilience, Mission Assurance, and Continuity of Operations...................................... 10 Recruitment, Retention, Management, Equipping, and Training the Force .................. 10 III. Current
    [Show full text]
  • Shotgun Licence Change of Address West Yorkshire
    Shotgun Licence Change Of Address West Yorkshire Whole and significative Lovell never submerse his nereids! Sebastian is remittently called after anteorbital Fleming effervesce his toxoids maturely. Priest-ridden Zack expects some Rotorua after qualifiable Yaakov underdraws mutationally. Mailing Address P Police arrested four trout from Nelson and Augusta counties on. For strong new licence variation transfer or forward it will do store on the. Firearms Licensing DepartmentSouth Yorkshire Police HQCarbrook House5 Carbrook Hall. Half the sentence as be served on licence Sheffield Crown point was told. Their teams through organisational change build successful relationships with partners. A copy of your passport or driving licence small arms 190's you will receive gold what is cross the picture. Ralph christie over the confidential online at all his workers is highly effective time of change of shotgun licence address west yorkshire police action the chief of the morbid sense of the. At far West Yorkshire Police science in Wakefield Judith met with by new. Changes of name address or any contact information must be submitted using an amendment form. Category of Mental Illness According to federal law individuals cannot carry a gun if however court such other object has deemed them to mental defective or committed them involuntarily to acute mental hospital. To the designation of funny hot zone to head only suitably trained firearms officers can go. Documentation required for Reader Registration. Firearm Dealership Land Nomination Forms Notification of disease Transfer. Further delay of the west yorkshire police force the public engagement and supersede any measures as banking information to! On wix ads.
    [Show full text]
  • Perspectives on Building a Cyber Force Structure
    Permission to make digital or hard copies of all or parts of 163 this work for internal use within NATO and for personal or Conference on Cyber Conflict educational use not done for profit or commercial purpose Proceedings 2010 is granted providing that copies bear this notice and a full C. Czosseck and K. Podins (Eds.) citation on the first page. Any other reproduction or trans- CCD COE Publications, 2010, Tallinn, Estonia. mission requires prior written permission. PERSPECTIVES ON BUILDING A CYBER FORCE STRUCTURE Stuart STARRa,1, Daniel KUEHLb,2, Terry PUDASc,3 aCenter for Technology and National Security Policy (CTNSP), Washington, DC, USA biCollege of the NDU. Washington, DC, USA cCTNSP, NDU, Washington, DC, USA Abstract: This paper explores the US’s cyber force structure with special em- phasis on the cyber workforce. To achieve that goal, this paper addresses several issues: it characterizes the nature of the cyber security problem; it draws on insights from senior decision-makers to identify cyber force struc- ture needs; it characterizes current capabilities by summarizing the key ini- tiatives that are being pursued by the US Services and key joint activities; and it identifies a spectrum of actions to mitigate shortfalls in the existing cyber forces structure (i.e. education; higher education and recruitment; cer- tification, retention, professional development, and workforce management; exercises; and security clearance requirements). The paper concludes by iden- tifying actions that NATO might pursue to improve its cyber force structure (e.g. conduct realistic, stressful exercises) and by identifying residual issues to address (e.g. career progression; value of employing “patriotic hackers”).
    [Show full text]
  • Eurojust Report on Drug Trafficking – Experiences and Challenges in Judicial Cooperation
    Eurojust Report on Drug trafficking Experiences and challenges in judicial cooperation April 2021 Criminal justice across borders Eurojust Report on Drug Trafficking – Experiences and challenges in judicial cooperation Table of Contents Executive summary ................................................................................................................................ 2 1. Introduction ................................................................................................................................... 4 2. Scope and methodology ................................................................................................................. 4 3. Casework at a glance ...................................................................................................................... 6 4. Specific issues in international judicial cooperation on drug trafficking cases ................................... 7 4.1. New Psychoactive Substances and precursors .......................................................................... 7 4.2. Cooperation with third countries ........................................................................................... 10 4.2.1. Cooperation agreements ................................................................................................ 12 4.2.2. Eurojust’s network of Contact Points .............................................................................. 13 4.2.3. Countries without a formal form of cooperation ............................................................
    [Show full text]
  • Crisis on Impact: Responding to Cyber Attacks on Critical Information Infrastructures, 30 J
    The John Marshall Journal of Information Technology & Privacy Law Volume 30 Issue 1 2013 Article 3 2013 Crisis on Impact: Responding to Cyber Attacks on Critical Information Infrastructures, 30 J. Marshall J. Info. Tech. & Privacy L. 31 (2013) Eugenia Georgiades William Caelli Sharon Christensen W.D. Duncan Follow this and additional works at: https://repository.law.uic.edu/jitpl Part of the Computer Law Commons, Internet Law Commons, Privacy Law Commons, and the Science and Technology Law Commons Recommended Citation Eugenia Georgiades, William Caelli, Sharon Christensen & W.D. Duncan, Crisis on Impact: Responding to Cyber Attacks on Critical Information Infrastructures, 30 J. Marshall J. Info. Tech. & Privacy L. 31 (2013) https://repository.law.uic.edu/jitpl/vol30/iss1/3 This Article is brought to you for free and open access by UIC Law Open Access Repository. It has been accepted for inclusion in The John Marshall Journal of Information Technology & Privacy Law by an authorized administrator of UIC Law Open Access Repository. For more information, please contact [email protected]. CRISIS ON IMPACT: RESPONDING TO CYBER ATTACKS ON CRITICAL INFORMATION INFRASTRUCTURES EUGENIA GEORGIADES, WILLIAM J. CAELLI, SHARON CHRISTENSEN, & W.D. DUNCAN* ABSTRACT In the developing digital economy, the notion of traditional attack on enterprises of national significance or interest has transcended into different modes of electronic attack, surpassing accepted traditional forms of physical attack upon a target. The terrorist attacks that took place in the United States on September 11, 2001 demonstrated the physical devastation that could occur if any nation were the target of a large-scale terrorist attack.
    [Show full text]
  • Going Dark? Analysing the Impact of End-To-End Encryption on The
    Going dark? Analysing the impact of end-to-end encryption on the outcome of Dutch criminal court cases Pieter Hartel1 Rolf van Wegberg1 1{pieter.hartel,r.s.vanwegberg}@tudelft.nl April 15, 2021 Abstract Former US attorney general William Barr and law enforcement colleagues from other countries have published a statement on end-to-end encryption from which we quote: “while encryption is vital and privacy and cybersecurity must be protected, that should not come at the expense of wholly precluding law enforcement”. The main argument put forward by law enforcement is that end-to-end encryption (E2EE) hampers authorities prosecuting criminals who rely on encrypted communication - ranging from drug syndicates to child sexual abuse material (CSAM) platforms. This statement, however, is not supported by empirical evidence, and therefore not suitable as the sole basis of policymaking. That is why, in our work, we analyse public court data from the Netherlands to show to what extent law enforcement agencies and the public prosecution service are impacted by the use of E2EE in bringing cases to court and their outcome. Our results show that Dutch law enforcement appears to be as successful in prosecuting offenders who rely on encrypted communication as those who do not. In contrast to what the US attorney general wants us to believe, at least the prosecution of cases does not seem hampered by E2EE. 1 Introduction Article 19 of the Universal Declaration of Human Rights gives everyone the right to freedom of opinion and expression. Since 2011, this also covers the journalistic protection of sources [3].
    [Show full text]
  • Narita Bahra QC
    Narita Bahra QC "Excellent advocate whether addressing jury on the facts or presenting legal arguments to the judge. Tireless worker and meticulous and diligent in preparation. Totally deserving of rank of Queens Counsel. Full of integrity. Great asset to the Bar." Legal 500 2021 Year of Call: 1997 QC: 2019 020 7353 5324 Narita is instructed to defend in high profile and heavyweight Crime and Business Crime cases. Her Crime practice includes murder, organised crime (including overseas drug cartels, firearms and armed robberies) terrorism and serious sexual offences. Her Business & Financial Crime practice includes cases involving fraud, tax evasion, money laundering and anti-competitive conduct (cartels, market abuse, insider dealing). Narita’s fearless and tenacious approach makes her widely sought after by professional and lay clients. She is recognised as Queen’s Counsel who can skilfully deal with the most difficult of cases. Her investigative approach results in leading her team to successful results. She has been instructed in a number of high-profile cases in which disclosure failings by prosecuting authorities have been unmasked. Four of these cases became the subject of review by the House of Commons Committee. In 2019 Narita’s cross examination resulted in exposure of significant disclosure failings and disqualification of an expert witness. The case attracted substantial media coverage. Narita is instructed in the ensuing appeals at the Court of Appeal. Narita’s appointment as Queen’s Counsel had an auspicious start; she was asked to carry a pair of white silk gloves to the Silks Ceremony, to mark the centenary of women being allowed to enter the legal profession.
    [Show full text]
  • April 2021 NATIONAL CRIME AGENCY
    NATIONAL CRIME AGENCY Annual Submission to the National Crime Agency Remuneration Review Body Joint Submission with the Home Office April 2021 Summary Pay Reform is a crucial part of the delivery of our strategy. Our ambition remains to build on the previous three years of our pay framework, to be able to benchmark our Officers pay with our comparator markets, so that we can attract and retain the skills we need to lead the fight against Serious and Organised Crime. As the Review Body will know, the Chancellor of the Exchequer announced on 25 November 2020 that pay rises in the public sector will be restrained and targeted in 2021/22 at the Spending Review. This pause was instituted as a result of the impacts of the Covid-19 pandemic on society and the economy. This means a full year of Pay Reform is not achievable in 21/22. The NCA worked on a number of proposals that can be implemented in future pay rounds from 2022/23 onwards. This year we are able to: Support progression of existing officers through the capability-based pay framework [our spot-rates]. Apply a £250 award for officers earning less than £24,000 full-time equivalent. Continue to apply our non-consolidated pay pot to target key areas of challenge on recruitment and retention. Whilst the Agency cannot implement new initiatives this year, we will continue to build our future pay strategy for our Officers, and will plan to implement these in 2022/23 onwards. 2 Chapter One Organisational Strategy This chapter sets out: The NCA’s mission, cross-cutting organisational priorities, and the organisation’s structure to deliver the same; How the NCA is leading the fight to cut Serious and Organised Crime; How the Agency is evolving to meet the changing nature of Serious and Organised Crime; and Our high-level financial position with specific respect to our pay proposals for 2021/22.
    [Show full text]